[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposal for SignatureIdentifier-structure
Hallo all, as briefly discussed during our last phone call, we need to define some generalization of the <dss:SignaturePtr>-element, which allows to identify a given signature in the verification report - even if a) the <dss:InputDocuments>-element is not available anymore and/or b) the signature is not based on XML-DSig. For this purpose I would propose - similar to the (certificate-) references defined in XAdES - a SignatureIdentifierType-structure, which - MUST contain the digest of the referenced signature (i.e. the <Signature>-element or the SignerInfo-structure within some CMS-container (which in turn may be embedded in some pdf-document, etc.) and - MAY contain further information, which eases the identification of the signature by human users (=> SignedProperties element) or automated systems (=> WhichDocument, XPath, Offset attributes). The SignedProperties-element SHOULD contain the SigningTime- and SigningCertificate-properties, if available and MAY contain other properties, which aid identification. The WhichDocument-attribute is useful as long as the <dss:InputDocuments> is available. The XPath-attribute identifies the signature within an XML-document. The Offset-attribute points to the first byte of the signature within a binary document and hence MAY facilitate the processing of non-XML-documents. The entire structure would look as follows: <complexType name="SignatureIdentifierType"> <sequence> <element name="DigestAlgAndValue" type="XAdES:DigestAlgAndValueType" /> <element name="SignedProperties" type="vr:SignedPropertiesType" maxOccurs="1" minOccurs="0" /> </sequence> <attribute name="WhichDocument" type="IDREF" use="optional"/> <attribute name="XPath" type="string" use="optional"/> <attribute name="Offset" type="integer" use="optional"/> </complexType> Please let me know what you think about this proposal. BR, Detlef -- Dipl. Inform. (FH) Dr. rer. nat. Detlef Hühnlein Partner secunet Security Networks AG Sudetenstraße 16 96247 Michelau Telefon +49 9571 896479 Mobil +49 171 9754980 detlef.huehnlein@secunet.com www.secunet.com ====================== Besuchen Sie uns auf der CeBIT 2008, 4. - 9. März 2008, Halle 6 Stand J36 (www.cebit.de) ---------------------- und auf dem Managed Security Forum 2008 2. April in Frankfurt am Main 7. Mai in Düsseldorf 29. Mai in Hamburg 16. Juni in München (www.managed-security-forum.org) Wir freuen uns auf interessante Gespräche mit Ihnen. ====================== secunet Security Networks AG Kronprinzenstr. 30 45128 Essen Amtsgericht Essen HRB 13615 Vorstand: Dr. Rainer Baumgart Thomas Koelzer Thomas Pleines Aufsichtsratsvorsitzender: Dr. Karsten Ottenberg Diese E-mail kann vertrauliche Informationen enthalten. Falls Sie diese E-Mail irrtümlich erhalten haben, informieren Sie bitte unverzüglich den Absender und löschen Sie diese E-Mail von jedem Rechner, auch von den Mailservern. Jede Verbreitung des Inhalts, auch die teilweise Verbreitung, ist in diesem Fall untersagt. Außer bei Vorsatz oder grober Fahrlässigkeit schließen wir jegliche Haftung für Verluste oder Schäden aus, die durch Viren befallene Software oder E-Mails verursacht werden. This e-mail may contain strictly confidential information and is intended for the person to which it is addressed only. Any dissemination, even partly, is prohibited. If you receive this e-mail by mistake, please contact the sender and delete this e-mail from your computer, including your mailserver. Except in case of gross negligence or wilful misconduct we accept no liability for any loss or damage caused by software or e-mail viruses.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]